Password Card Hinting System

ABSTRACT

A method and apparatus for creating and using a password card and a password hint. The invention allows users to avoid revealing their password, and because of that it provides a more secure way of managing passwords. The user is still able to retrieve the password using the password hint and the password card generated by the system. The invention also allows the password hint to be encrypted and decrypted by an external API, which adds an extra layer of security protection.

FIELD OF THE INVENTION

The present invention relates to systems and methods for recording and retrieving a password card and/or password hint.

BACKGROUND OF THE INVENTION

In the world of computerized system access, there is a growing interest in generating strong passwords compatible with the requirements of such systems. Allowing the generation of strong passwords increases security but also increases the complexity of remembering those passwords. One of the benefits of this invention is to help people remember their passwords, no matter the length and the complexity, with minimum effort by the end user.

In the field of security, existing systems require users to reveal their passwords in order to retrieve them, and by doing so force the user to trust the provider of such a system. This invention allows the user to bypass this requirement: the passwords are not recorded, which provides a separation of concerns between the user's password and how to retrieve it, and this increases trust.

In the world of computers, a system can be compromised and, in some cases, if the user's password is recorded in such a system, the password could potentially be generated by the attackers if they are able to find the encryption key, assuming that those passwords are encrypted. Using this invention, even if the attackers are able to decrypt the user's hint, they will not be able to generate the user's password other than by brute force. They will also need to decrypt and retrieve the user's password card associated with the user's hint. Even if they have both the user's hint and the user's system-generated password card, it is not obvious how to generate the user's password, and therefore this invention provides a method that is more secure than existing systems.

Since an attacker could gain access to the user's hint and the user's password card if the encryption key was compromised, this invention describes a method to add another layer of encryption using a web hook to an external encryption system. When the user optionally sets up this external encryption system's web hook, the attacker will also have to gain access to this external system in order to decrypt the user's hint and the user's password card. This extra layer of protection increases security.

BRIEF SUMMARY OF THE INVENTION

In summary, the Password Card Hinting System of the present invention provides users with a better way to manage their passwords. The invention provides methods offering a more secure way to generate strong passwords by using a password card and to retrieve a password using a password hint. The invention provides methods to generate strong passwords automatically, based on defined requirements, using the password card, and methods to generate a password hint automatically. The invention provides methods to add an extra security layer by allowing the user to set up encryption and decryption web hook APIs. The invention provides methods to encrypt and decrypt the password hint using the web hook APIs.

BRIEF DESCRIPTION

The accompanying drawings, which are incorporated herein and form part of the specification, illustrate various embodiments of the present invention and, together with the description, further serve to explain the principles of the invention and to enable a person skilled in the pertinent art to make and use the invention. In the drawings, like reference numbers indicate identical or functionally similar elements.

FIG. 1 is a password card of width x and height y that contains a plurality of characters.

FIG. 2 is a flow diagram illustrating a general method for operation on how the user's password hint is recorded.

FIG. 3 is a flow diagram illustrating a general method for operation on how the user's recorded password hint is retrieved and shown as text.

FIG. 4 is a flow diagram illustrating a general method for operation on how the user's recorded password hint is retrieved and shown graphically on the password card.

FIG. 5 is a flow diagram illustrating a general method for operation on how an external system to encrypt and decrypt a password hint is configured.

FIG. 6 is a flow diagram illustrating a general method for operation on how a user's password hint is encrypted by an external system.

FIG. 7 is a flow diagram illustrating a general method for operation on how a user's password hint is decrypted by an external system.

DETAILED DESCRIPTION OF THE INVENTION

There are many computerized systems requiring passwords today and the number is increasing. The requirement for strong passwords is increasing in such systems because the techniques used to break those passwords are improving due to many factors, including the increase in processing power.

The user must be able to remember those strong passwords, but this is becoming more difficult to do. The user could record those passwords in more vulnerable places where they are easier to steal. The user could also be tempted to generate those passwords using common words and/or phrases that are easier to guess.

By providing a combination of a password card and a password hint, the system increases security because the user can generate a strong password using the password card provided and can easily figure out what that password is by using the password hint. For example, using the password card in FIG. 1, a user could decide that the password will be the first row and all the characters in that row. In that example, the user's password will be xwrlp@wrnpxwr$p. This password is considered a strong password by many embodiments but is not easy to remember. In that same example, the user can decide to record his hint as “row 1”. Later, when the user is presented with that password card along with that password hint, he can figure out what the password is.

In order to use the password card, a user provides initial information on the requirements to generate it. In FIG. 2, the user enters a password card code (100), which is a plurality of characters. Using that password card code, the system generates the password card using some hash algorithm (110). The password card is an x-by-y matrix of a plurality of characters, where x represents a plurality of columns and y represents a plurality of rows. The user then sees the generated password card and enters a password hint (120) to be recorded into the system (130).
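
One way the card-generation step (110) could work, as an added example that is not part of the original specification: the card code is stretched with PBKDF2 and expanded with HMAC-SHA256 in counter mode, so the same code always reproduces the same card. The alphabet, the 15-by-10 size, the fixed label and the function names are assumptions; the page only says "some hash algorithm".

```python
import hashlib
import hmac
import string

# Assumptions: the page fixes neither the alphabet nor the card size.
ALPHABET = string.ascii_letters + string.digits + "!@#$%&*<>?"
COLS, ROWS = 15, 10  # 15 columns gives the column labels A..O


def _byte_stream(card_code):
    """Yield pseudo-random bytes derived from the card code."""
    # Fixed label instead of a random salt: the card must be reproducible from the code alone.
    key = hashlib.pbkdf2_hmac("sha256", card_code.encode(), b"password-card-v1", 100_000)
    counter = 0
    while True:
        yield from hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1


def generate_card(card_code, cols=COLS, rows=ROWS):
    """Return the card as a list of row strings; the same code always gives the same card."""
    limit = 256 - (256 % len(ALPHABET))  # reject bytes >= limit to avoid modulo bias
    stream = _byte_stream(card_code)
    cells = []
    while len(cells) < cols * rows:
        b = next(stream)
        if b < limit:
            cells.append(ALPHABET[b % len(ALPHABET)])
    return ["".join(cells[r * cols:(r + 1) * cols]) for r in range(rows)]


def render(card):
    """Format the card with column letters and row numbers, as the hints refer to them."""
    header = "    " + " ".join(chr(ord("A") + c) for c in range(len(card[0])))
    body = [f"{r + 1:>2}  " + " ".join(row) for r, row in enumerate(card)]
    return "\n".join([header, *body])


if __name__ == "__main__":
    print(render(generate_card("constructed sample card code")))
```

Because the card is a pure function of the code, anyone who learns or guesses the code can regenerate the card, so the code deserves the same care as a key.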

In order for the user to retrieve the password, the user must see the password card along with the password hint. As shown in FIG. 3, the user has the option (200) to pick a recorded password card (220) or generate one from a password card code (210) (230). The system shows the user the password card (250) and provides an option (260) to show the password hint after retrieving it (240). The reason for not showing the password hint by default is to increase security. In some environments, people might look over the user's shoulder, and by allowing the user to decide when to show the password hint the system is more secure. If the user decides to allow the system to show the password hint (270), the system then shows it (280).

The user is able to define a password hint by looking at the password card, but the operation is then not fully automated because the user is responsible for coming up with the password and the hint. Furthermore, even if the user can generate a strong password, it will not necessarily fulfill the requirements of some embodiments. Many embodiments require specific types of characters in a password to force the user to come up with a strong one. For example, some embodiments might require one upper-case character and/or one numeric character and/or one symbol such as (!<>@). To simplify this operation, the system provides steps to automate the generation of the password and the password hint so that they fulfill the requirements of those embodiments. As shown in FIG. 4, the user provides the requirements of an embodiment, such as the types of characters that are required or optional and the minimum and maximum length of the password to be generated (300). After those requirements have been provided to the system, the user is able to request the generation (310) of a password by the system (320). After the password is generated by the system, the password hint is also generated (330). The generated hint takes the form of positions within the password card. For example, using the password card shown in FIG. 1, if the password is the entire first row from left to right, the password will be (xwrlp@wrnpxwr$p) and the password hint will be (A1-O1), where the characters A and O represent columns of the password card and the number 1 is the row number. The hint A1-O1 means: start at column A, row 1 and end at column O, row 1, selecting all the characters in between, inclusive of A1 and O1. After the generation of the password hint, the system optionally allows the user to show the hint (350). If the user decides to see it, the system shows it to the user (360).

The system optionally allows the user to show the password highlighted on the password card (370). If the user decides to see the password highlighted, the password card characters representing the password are highlighted on the password card (390). This gives the user an easy presentation of what the password looks like when using the password card. It is easier for the user to remember a line selected on the password card than the characters themselves.
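
The automated steps (300) to (330) and the A1-O1 hint notation, sketched as an added example (not code from the specification): it lists every left-to-right row segment that meets the stated requirements, picks one at random and returns its hint, and resolves a hint back into characters. Row 1 of the sample card is the row quoted above; the other rows, the requirement names and the segment-only selection rule are assumptions.

```python
import re
import secrets

# Constructed sample card: row 1 is the row quoted on the page, rows 2 and 3 are made up.
CARD = [
    "xwrlp@wrnpxwr$p",
    "K7m#qTz2vB!ad9e",
    "hs4Yp<nR8w@cJ3u",
]
CLASSES = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit,
           "symbol": lambda ch: not ch.isalnum()}  # requirement names are assumptions


def meets(password, required, min_len, max_len):
    """True if the length is in range and every required character class appears."""
    return min_len <= len(password) <= max_len and all(
        any(CLASSES[name](ch) for ch in password) for name in required)


def candidates(card, required, min_len, max_len):
    """All left-to-right row segments that satisfy the policy, as (hint, password) pairs."""
    found = []
    for r, row in enumerate(card, start=1):
        for start in range(len(row)):
            for end in range(start + min_len - 1, min(start + max_len, len(row))):
                password = row[start:end + 1]
                if meets(password, required, min_len, max_len):
                    found.append((f"{chr(65 + start)}{r}-{chr(65 + end)}{r}", password))
    return found


def generate(card, required, min_len, max_len):
    """Pick one policy-compliant segment at random; returns (hint, password)."""
    options = candidates(card, required, min_len, max_len)
    if not options:
        raise ValueError("no segment on this card satisfies the requirements")
    return secrets.choice(options)


def resolve_hint(card, hint):
    """Turn a hint such as 'A1-O1' back into the characters it selects."""
    m = re.fullmatch(r"([A-Z])(\d+)-([A-Z])(\d+)", hint)
    if not m or m[2] != m[4]:
        raise ValueError("only single-row hints such as A1-O1 are handled")
    start, end, row = ord(m[1]) - 65, ord(m[3]) - 65, int(m[2]) - 1
    if row not in range(len(card)) or not start <= end < len(card[row]):
        raise ValueError("hint is outside the card")
    return card[row][start:end + 1]
```

Under this selection rule, `len(candidates(...))` is also the number of passwords that someone holding the card would have to try, which is why the card and the hint are kept encrypted.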

The system encrypts the information before recording it on persistent media. Even if the information is encrypted in the system, if a hacker gains access to the system and to the encryption key, the information could be decrypted. To add a layer of security, the system gives the user the option to set up encryption and decryption web hook APIs. The user defines the web addresses for the encryption and decryption web hook APIs (400) (410) (420). The system then knows to call those APIs when it needs to encrypt the password hint and when it needs to decrypt it. After the web hooks are set up and are used by the system, a hacker will have to hack into the external system as well in order to see the decrypted hint. This extra layer increases security and makes hacking more difficult.

When the system gets the password hint from the user or generates it automatically (500), the system checks whether a web hook is configured (510) for encryption. If the web hook is configured, the system first encrypts the password hint, then calls the web hook API with that encrypted text (520). The system gets a response back from the web hook API, and the result is the text encrypted by the external system (530). The system then records that result.

When the system retrieves the user's recorded password hint (600), it also checks whether the web hook API for decryption is configured and required. If the web hook API is configured and required (610), the system calls the web hook API, providing that recorded text value (620). The system gets a response back from the external web hook API call and obtains the decrypted text. The system then decrypts that value internally, and at that step the value is the text originally provided by the user, or the value that was auto-generated by the system, in unencrypted form.
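
The record and retrieve flows of FIG. 6 and FIG. 7 as an added example, not code from the specification: the hint is encrypted internally, wrapped by the external hook, and unwrapped in the reverse order. The hooks are plain callables standing in for the web hook HTTP calls, `seal` and `unseal` are a stand-in cipher built from HMAC-SHA256 so the block runs without packages, and all names are assumptions.

```python
import hashlib
import hmac
import secrets


def _xor_stream(key, nonce, data):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))


def seal(key, plaintext):
    """Stand-in encrypt-then-MAC so the example needs no packages; use a vetted AEAD."""
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(key, nonce, plaintext)
    return body + hmac.new(key, b"mac" + body, hashlib.sha256).digest()


def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or modified data")
    return _xor_stream(key, body[:16], body[16:])


def external_service(key):
    """Constructed stand-in for the external system: returns (encrypt, decrypt) hooks."""
    return (lambda blob: seal(key, blob)), (lambda blob: unseal(key, blob))


class HintStore:
    """Hypothetical store; hooks are callables standing in for the web hook HTTP calls."""
    def __init__(self, internal_key, encrypt_hook=None, decrypt_hook=None):
        self.key, self.encrypt_hook, self.decrypt_hook = internal_key, encrypt_hook, decrypt_hook
        self.records = {}  # user -> (stored bytes, external layer applied?)

    def record(self, user, hint):
        blob = seal(self.key, hint.encode())     # internal encryption first
        if self.encrypt_hook:                    # (510) web hook configured?
            blob = self.encrypt_hook(blob)       # (520) hook receives ciphertext only
        self.records[user] = (blob, self.encrypt_hook is not None)  # (530) record result

    def retrieve(self, user):
        blob, wrapped = self.records[user]       # (600)
        if wrapped:                              # (610) external layer must come off first
            if self.decrypt_hook is None:
                raise RuntimeError("decryption web hook required but not configured")
            blob = self.decrypt_hook(blob)       # (620)
        return unseal(self.key, blob).decode()   # internal layer last
```

Storing the "external layer applied" flag with each record lets retrieval fail closed when the decryption hook is missing, instead of attempting internal decryption on data that is still wrapped.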

The invention claimed is:
 1. A method for recording and/or retrieving a password hint, the method comprising:
    1.1. A computer processing system;
    1.2. A password card comprising of a visual grid comprising;
         1.2.1. plurality of columns and rows and where each cell of that grid contains one character or a plurality of characters
 2. The method of claim 1, wherein the password card is generated using a password card code comprising a plurality of characters and can be recorded in the computer processing system.
 3. The method of claim 2, wherein the password hint is entered by the user as a plurality of characters and can be recorded in the computer processing system.
 4. The method of claim 3, wherein the password hint is retrieved from the computer processing system and is optionally shown.
 5. The method of claim 2, wherein a password requirement is defined comprising a set of rules defining which types of characters should be used and/or how many of each type and the minimum and maximum number of characters for the password.
 6. The method of claim 5, wherein the computer processing system, using the password card and the password requirement, generates a password of a plurality of characters.
 7. The method of claim 6, wherein the computer processing system, using the generated password, generates the password hint of a plurality of characters.
 8. The method of claim 6, wherein the computer processing system optionally shows highlighted characters on the password card representing the password.
 9. The method of claim 1, wherein the computer processing system optionally allows the user to define a web hook API for encryption and decryption of the password hint.
 10. The method of claim 3, wherein the password hint is encrypted using the optionally defined web hook API for encryption.
 11. The method of claim 3, wherein the password hint is decrypted using the optionally defined web hook API for decryption.